During web penetration testing, we can often gather backup data in the form of a ZIP file. ZIP files that contain sensitive data, for instance, could possibly be encrypted. Let's take a look at how we can create a simple ZIP file password cracking program using Perl.
First off, we need to create a simple password-protected ZIP file to try this against. We will be using the Linux
zip utility as follows:
zip backup.zip -re *
This will create a password-encrypted ZIP file after asking for and confirming the password we choose.
Now, let's use the
Archive::Zip Perl module and create a simple brute force application that tries every dictionary word in our list to crack the password used to create the ZIP file: